dsdb: Slightly tune get_new_descriptor()

DBG_DEBUG only calls its arguments if required according to the debug
level. A simple talloc_new/TALLOC_FREE in the normal case should be
much cheaper than the full sddl_encode().

I just stumbled across this code, this is has not shown up in any
profiles. I just think it's cleaner this way.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index daa08c2ebc77a5566114ea58f5d36fe973b35cbf..8a4c2c3591f7e0d09619275a1936cb22d7755f0c 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -257,7 +257,6 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
        struct auth_session_info *session_info
                = ldb_get_opaque(ldb, DSDB_SESSION_INFO);
        const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
-       char *sddl_sd;
        struct dom_sid *default_owner;
        struct dom_sid *default_group;
        struct security_descriptor *default_descriptor = NULL;
@@ -414,8 +413,13 @@ static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
                final_sd->sacl->revision = SECURITY_ACL_REVISION_ADS;
        }
 
-       sddl_sd = sddl_encode(mem_ctx, final_sd, domain_sid);
-       DEBUG(10, ("Object %s created with descriptor %s\n\n", ldb_dn_get_linearized(dn), sddl_sd));
+       {
+               TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+               DBG_DEBUG("Object %s created with descriptor %s\n\n",
+                         ldb_dn_get_linearized(dn),
+                         sddl_encode(tmp_ctx, final_sd, domain_sid));
+               TALLOC_FREE(tmp_ctx);
+       }
 
        linear_sd = talloc(mem_ctx, DATA_BLOB);
        if (!linear_sd) {